CVE-2024-50298
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-50298: In the Linux kernel, a NULL pointer dereference vulnerability was identified in the enetc network driver (net: enetc). The issue arises because vf_state memory is not properly allocated during PF probe. In some cases, net_device_ops::ndo_set_vf_mac() is called to configure a VF's MAC address before the VF is enabled, at which point vf_state is still a NULL pointer. This can result in a kernel panic or potentially allow an attacker to execute arbitrary code. The error log shows a NULL pointer dereference at virtual address 0x0; the root cause is enetc_pf_set_vf_mac() accessing the uninitialized vf_state pointer.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX